CVE-2020-29394
HIGHGENIVI Diagnostic Log and Trace <2.18.5 - Buffer Overflow
Title source: llmDescription
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
References (4)
Core 4
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/12/msg00016.html
Exploit, Patch, Third Party Advisory
https://github.com/GENIVI/dlt-daemon/issues/274
Patch, Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/275
Patch, Third Party Advisory
https://github.com/GENIVI/dlt-daemon/pull/288
Scores
CVSS v3
7.8
EPSS
0.0186
EPSS Percentile
76.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (2)
debian/debian_linux
10.0
genivi/diagnostic_log_and_trace
< 2.18.5
Published
Nov 30, 2020
Tracked Since
Feb 18, 2026